Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/lib/gitlab/path_traversal.rb
diff options
context:
space:
mode:
Diffstat (limited to 'lib/gitlab/path_traversal.rb')
-rw-r--r--lib/gitlab/path_traversal.rb4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/gitlab/path_traversal.rb b/lib/gitlab/path_traversal.rb
index d42b5fde615..c8308c9da1c 100644
--- a/lib/gitlab/path_traversal.rb
+++ b/lib/gitlab/path_traversal.rb
@@ -15,13 +15,13 @@ module Gitlab
# We url decode the path to avoid passing invalid paths forward in url encoded format.
# Also see https://gitlab.com/gitlab-org/gitlab/-/merge_requests/24223#note_284122580
# It also checks for backslash '\', which is sometimes a File::ALT_SEPARATOR.
- def check_path_traversal!(path)
+ def check_path_traversal!(path, skip_decoding: false)
return unless path
path = path.to_s if path.is_a?(Gitlab::HashedPath)
raise PathTraversalAttackError, 'Invalid path' unless path.is_a?(String)
- path = ::Gitlab::Utils.decode_path(path)
+ path = ::Gitlab::Utils.decode_path(path) unless skip_decoding
if path.match?(PATH_TRAVERSAL_REGEX)
logger.warn(message: "Potential path traversal attempt detected", path: path.to_s)
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 16:53:31 +0300